Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/f_PhZ3cVUwt8KU-Q3R_Rp7U5Qqc.roa
File:                     f_PhZ3cVUwt8KU-Q3R_Rp7U5Qqc.roa (raw, json)
Hash identifier:          pw8iMe30wEQ4gcHbIBeGRCxxy8nXFVPTczNYkVJNSus=
Subject key identifier:   7F:F3:E1:67:77:15:53:0B:7C:29:4F:90:DD:1F:D1:A7:B5:39:42:A7
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018CC5012493F371A96360C7B1129D29D47B
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/f_PhZ3cVUwt8KU-Q3R_Rp7U5Qqc.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49334
IP address blocks:        2a02:26b0:8003::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 01:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:24:93:f3:71:a9:63:60:c7:b1:12:9d:29:d4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ff3e1677715530b7c294f90dd1fd1a7b53942a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b4:2c:39:8c:63:be:0e:15:82:5a:5e:1b:c1:
                    7e:66:3e:7e:fe:15:f4:80:3f:ce:38:bb:c0:72:5e:
                    9f:3b:e0:eb:dc:8d:38:c5:b6:17:30:fb:62:62:71:
                    4f:6c:da:06:24:00:99:74:77:c5:3e:20:14:3f:c4:
                    65:a9:8c:a2:79:46:64:12:70:47:4c:29:10:3e:18:
                    65:f3:a9:1e:b3:38:33:65:96:4f:0a:dc:a1:eb:b6:
                    23:65:f8:c2:c0:d0:9a:43:f1:ea:88:57:61:0b:52:
                    c8:f4:40:d4:19:4b:32:bf:b7:df:ad:a8:be:66:7d:
                    3b:ea:22:e1:a8:55:24:43:2c:29:93:23:8f:af:3b:
                    41:76:64:a3:db:41:85:6f:81:58:a3:e5:2f:3c:eb:
                    ab:24:3d:a1:a9:6c:17:fc:f4:6c:08:d4:67:dd:92:
                    93:28:6b:21:14:59:df:11:71:ef:39:bd:26:4f:ab:
                    43:b8:d1:91:61:24:37:42:b7:fd:67:79:58:11:ff:
                    07:75:6c:0b:a7:29:b4:fc:9d:00:25:30:73:6a:2d:
                    df:07:26:d9:6b:58:e9:9b:6e:3a:3f:bb:ae:ed:e9:
                    7b:98:47:c8:68:cf:f0:96:a2:eb:7e:c4:50:86:f9:
                    1e:15:08:1a:c9:ac:66:af:59:c2:87:b4:b5:74:f6:
                    42:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F3:E1:67:77:15:53:0B:7C:29:4F:90:DD:1F:D1:A7:B5:39:42:A7
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/f_PhZ3cVUwt8KU-Q3R_Rp7U5Qqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:26b0:8003::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:38:7a:73:be:52:79:fe:7d:85:29:4e:74:57:16:cf:10:8d:
         23:b2:15:9a:f9:5f:2d:ad:e5:ad:94:2f:c9:0f:ea:35:20:1d:
         dd:33:84:ea:c2:d5:b7:ed:18:bb:28:96:7a:ef:58:5d:39:d1:
         3c:47:78:0d:14:83:04:49:fe:e4:d9:92:41:77:fa:2d:24:56:
         e2:12:b4:b2:94:46:68:62:ae:d9:a0:ef:10:df:92:df:b0:71:
         82:06:92:c1:c6:2e:c3:5a:f9:ae:b2:c1:69:cc:58:41:20:23:
         9b:b1:42:28:bb:44:81:5d:f1:37:55:c9:06:5a:69:08:76:34:
         24:4f:56:6c:06:22:10:59:64:2a:82:02:f8:1c:cd:aa:35:5d:
         99:e5:54:80:42:c5:de:98:bd:89:26:d0:e7:d1:17:f4:6d:47:
         6b:83:d2:aa:18:87:29:9e:86:d0:c1:dc:d1:8d:9a:96:a8:24:
         b0:d9:0d:2b:89:f5:f8:2c:30:69:c1:0e:29:70:b1:10:1c:6c:
         0c:0d:2e:fb:88:15:3d:6c:f1:26:f9:e6:ce:ac:04:72:aa:be:
         5d:04:6a:d0:59:18:1c:ef:63:d2:dc:c2:8e:65:fd:6a:46:63:
         52:a6:62:6f:ba:cc:23:4d:2b:b5:62:76:b6:c3:64:13:39:49:
         ea:86:ae:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFASST83GpY2DHsRKdKdR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmYzZTE2Nzc3MTU1MzBiN2MyOTRmOTBkZDFmZDFhN2I1Mzk0MmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7QsOYxjvg4VglpeG8F+Zj5+/hX0
gD/OOLvAcl6fO+Dr3I04xbYXMPtiYnFPbNoGJACZdHfFPiAUP8RlqYyieUZkEnBH
TCkQPhhl86keszgzZZZPCtyh67YjZfjCwNCaQ/HqiFdhC1LI9EDUGUsyv7ffrai+
Zn076iLhqFUkQywpkyOPrztBdmSj20GFb4FYo+UvPOurJD2hqWwX/PRsCNRn3ZKT
KGshFFnfEXHvOb0mT6tDuNGRYSQ3Qrf9Z3lYEf8HdWwLpym0/J0AJTBzai3fBybZ
a1jpm246P7uu7el7mEfIaM/wlqLrfsRQhvkeFQgayaxmr1nCh7S1dPZCKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH/z4Wd3FVMLfClPkN0f0ae1OUKnMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvZl9QaFozY1ZVd3Q4S1UtUTNSX1JwN1U1UXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgImsIAD
MA0GCSqGSIb3DQEBCwUAA4IBAQB9OHpzvlJ5/n2FKU50VxbPEI0jshWa+V8treWt
lC/JD+o1IB3dM4TqwtW37Ri7KJZ671hdOdE8R3gNFIMESf7k2ZJBd/otJFbiErSy
lEZoYq7ZoO8Q35LfsHGCBpLBxi7DWvmussFpzFhBICObsUIou0SBXfE3VckGWmkI
djQkT1ZsBiIQWWQqggL4HM2qNV2Z5VSAQsXemL2JJtDn0Rf0bUdrg9KqGIcpnobQ
wdzRjZqWqCSw2Q0rifX4LDBpwQ4pcLEQHGwMDS77iBU9bPEm+ebOrARyqr5dBGrQ
WRgc72PS3MKOZf1qRmNSpmJvuswjTSu1Yna2w2QTOUnqhq46
-----END CERTIFICATE-----